#!/bin/sh

debug_command() {
    echo
    echo "===== output of command $@ ====="
    "$@"
}

debug_file() {
    local user="${1}"
    shift
    file="${1}"
    [ ! -e "${file}" ] && return
    echo
    echo "===== content of ${file} ====="
    sudo -u "${user}" -- cat "${file}"
}

debug_directory() {
    local user="${1}"
    shift
    dir="${1}"
    [ ! -d "${dir}" ] && return
    echo
    echo "===== listing of ${dir} ====="
    sudo -u "${user}" -- /bin/ls -lA "${dir}"
    for file in "${dir}"/* ; do
        debug_file "${user}" "${file}"
    done
}

debug_command /usr/sbin/dmidecode -s system-manufacturer
debug_command /usr/sbin/dmidecode -s system-product-name
debug_command /usr/sbin/dmidecode -s system-version
debug_command "/bin/lsmod"
debug_command "/bin/mount"
debug_command "/usr/bin/lspci"
debug_command /bin/journalctl --catalog --no-pager

# Great attention must be given to the ownership situation of these
# files and their parent directories in order to avoid a symlink-based
# attack that could read the contents of any file and make it
# accessible to the user running this script (typicall the live
# user). Therefore, when adding a new file, give as the first argument
# 'root' only if the complete path to it (including the file itself)
# is owned by root and already exists before the system is connected to
# the network (that is, before GDM's PostLogin script is run).
# If not, the following rules must be followed strictly:
#
# * only one non-root user is involved in the ownership situation (the
#   file, its dir and the parent dirs). From now on let's assume it is
#   the case and call it $USER.
#
# * if any non-root group has write access, it must not have any
#   members.
#
# If any of these rules does not apply, the file cannot be added here
# safely and something is probably quite wrong and should be
# investigated carefully.
debug_file root "/etc/X11/xorg.conf"
debug_file root "/proc/asound/cards"
debug_file root "/proc/asound/devices"
debug_file root "/proc/asound/modules"
debug_file root "/proc/cmdline"
debug_file Debian-gdm "/var/log/gdm3/tails-greeter.errors"
debug_file root "/var/log/live-persist"
debug_file root "/var/log/live/boot.log"
debug_file root "/var/log/live/config.log"
debug_file root "/var/lib/gdm3/tails.persistence"
debug_file root "/var/lib/live/config/tails.physical_security"
debug_file root "/live/persistence/TailsData_unlocked/persistence.conf"
debug_file root "/live/persistence/TailsData_unlocked/live-additional-software.conf"
debug_directory root "/live/persistence/TailsData_unlocked/apt-sources.list.d"
